# -*- coding:utf-8 -*-
"""
    全局变量定义
"""
import sys,os
from pdb import set_trace as strace
from traceback  import format_exc as dumpstack

# 提取IP信息
g_ip_http = r'(htt|ft)p(|s)://(?:(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.){3}(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)'
g_ip_re = r'(?:(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.){3}(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)'
g_lan_ip = r'(127\.0\.0\.1)|(localhost)|(10\.\d{1,3}\.\d{1,3}\.\d{1,3})|(172\.((1[6-9])|(2\d)|(3[01]))\.\d{1,3}\.\d{1,3})|(192\.168\.\d{1,3}\.\d{1,3})'

port_malware = [
    {'protocol': 'tcp', 'port': '54211', 'description': 'Possible FreeBSD (FBRK) Rootkit backdoor'},
    {'protocol': 'tcp', 'port': '1984', 'description': 'Fuckit Rootkit'},
    {'protocol': 'udp', 'port': '2001', 'description': 'Scalper'},
    {'protocol': 'tcp', 'port': '2006', 'description': 'CB Rootkit or w00tkit Rootkit SSH server'},
    {'protocol': 'tcp', 'port': '2128', 'description': 'MRK'},
    {'protocol': 'tcp', 'port': '6666', 'description': 'Possible rogue IRC bot'},
    {'protocol': 'tcp', 'port': '6667', 'description': 'Possible rogue IRC bot'},
    {'protocol': 'tcp', 'port': '6668', 'description': 'Possible rogue IRC bot'},
    {'protocol': 'tcp', 'port': '6669', 'description': 'Possible rogue IRC bot'},
    {'protocol': 'tcp', 'port': '7000', 'description': 'Possible rogue IRC bot'},
    {'protocol': 'tcp', 'port': '13000', 'description': 'Possible Universal Rootkit (URK) SSH server'},
    {'protocol': 'tcp', 'port': '14856', 'description': 'Optic Kit (Tux)'},
    {'protocol': 'tcp', 'port': '25000', 'description': 'Possible Universal Rootkit (URK) component'},
    {'protocol': 'tcp', 'port': '29812', 'description': 'FreeBSD (FBRK) Rootkit default backdoor port'},
    {'protocol': 'tcp', 'port': '31337', 'description': 'Historical backdoor port'},
    {'protocol': 'tcp', 'port': '32982', 'description': 'Solaris Wanuk'},
    {'protocol': 'tcp', 'port': '33369', 'description': 'Volc Rootkit SSH server (divine)'},
    {'protocol': 'tcp', 'port': '47107', 'description': 'T0rn'},
    {'protocol': 'tcp', 'port': '47018', 'description': 'Possible Universal Rootkit (URK) component'},
    {'protocol': 'tcp', 'port': '60922', 'description': 'zaRwT.KiT'},
    {'protocol': 'tcp', 'port': '62883', 'description': 'Possible FreeBSD (FBRK) Rootkit default backdoor port'},
    {'protocol': 'tcp', 'port': '65535', 'description': 'FreeBSD Rootkit (FBRK) telnet port'}
]

# 建议推送云端检测的危险文件
g_dangerous_files = {}

# 3种等级的危险信息，高中低。
g_message_high = []
g_message_medium = []
g_message_low = []
g_dev_evaluate = {"evaluate": 100}

# cpu 设置的值
cpu_value = 70

# mem 参考值
mem_value = 70

ip_failed_count = 25
ips_failed_count = 100
ip_http = r'(htt|ft)p(|s)://(?:(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.){3}(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)'
ip_re = r'(?:(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.){3}(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)'
lan_ip = r'(127\.0\.0\.1)|(localhost)|(10\.\d{1,3}\.\d{1,3}\.\d{1,3})|(172\.((1[6-9])|(2\d)|(3[01]))\.\d{1,3}\.\d{1,3})|(192\.168\.\d{1,3}\.\d{1,3})'

# 监测对象数量
g_monitoring_objects_num = {"count": 1}

# 日志和报告路径
g_anscan_filepath = {}

# 威胁文件列表
g_threat_files = [
    "/tmp/kworkerds3",
    "/tmp/kworkerdssx",
    "/tmp/osw.hb",
    "/tmp/.tmpleve",
    "/tmp/.tmpnewzz",
    "/tmp/.omed",
    "/tmp/.tmpc",
    "/tmp/gates.lod",
    "/tmp/84Onmce",
    "/tmp/lilpip",
    "/tmp/am8jmBP",
    "/tmp/.mer",
    "/tmp/.mynews1234",
    "/tmp/a3e12d",
    "/tmp/.tmpnewasss",
    "/tmp/khugepageds",
    "/tmp/.censusqqqqqqqqq",
    "/tmp/.kerberods",
    "/tmp/.sysbabyuuuuu12",
    "/tmp/logo9.jpg",
    "/tmp/miner.sh",
    "/var/tmp/kworkerds3",
    "/var/tmp/kworkerdssx",
]



